TikTok has claimed that the Trump administration’s reasons for wanting it banned are mostly based on incorrect assumptions about its technology.
Featuring the testimony of TikTok chief security officer Roland Cloutier, the document picks apart some of the USA’s reasons for wanting the app kicked out of the USA unless Oracle takes it over.
Cloutier starts with an assertion by the US Department of Commerce (DoC) in a Memo that TikTok “partially shares” some code and infrastructure with Douyin, the Chinese version of the service.
Not so, Cloutier writes, characterising the software stack for TikTok and Douyin as “entirely separate” and “deployed separately.” Source code and data for TikTok are also managed separately from Douyin.
‘Robbery, economic plunder, victim of larcenous cronyism and a heist’
The CSO also corrects a DoC point that claims TikTok leases servers from China Unicom’s Americas operations. Not so, he said. TikTok only leases Rackspace and ByteDance owns and operates all of its own servers. China Unicom staff can’t access the cages in which TikTok runs without authorisation. He also reveals that TikTok uses Alibaba, Google, Microsoft and AWS. No wonder Oracle is so happy to be in the box seat to run the service!
An important note: The DoC memo redacts some sections and does not mention China Unicom. TikTok appears to have outed the company as a supplier in this filing.
Cloutier also said that TikTok runs a proprietary operating system and security controls explicitly designed to keep its hosting companies out of its apps and data.
Next up: data transfer to China, which Cloutier shoots down by saying TikTok has cleansed its app of reliance on active Chinese IP addresses. While four Chinese IP addresses remain, two refer to devices in Singapore.
He also explained that TikTok has stopped collecting users’ MAC addresses, only ever did so to detect fraud anyway and only encrypted them to protect users.
China watches 170,000 years’ worth of short videos every day
His last point addresses TikTok’s use of the clipboard on iOS devices and says it was only present because Google’s Ads SDK required it but has since been removed. He contends that another use of the clipboard was to validate spam reports that came from copied comments.
TikTok’s filing doesn’t rebut all of the DoC’s assertions about the service. It doesn’t directly address whether China’s government was able to access US users’ data before TikTok moved it onto US soil in February 2019. Nor is Chinese government influence over ByteDance rebutted or contested.
The DoC memo also includes several redactions that could make other allegations that could never come to light.
TikTok’s rebuttal of the memo may yet end up being irrelevant if the Oracle/Walmart acquisition of the app’s operations proceeds. But with president Trump yet to sign off that deal, the US presidential election now less than three weeks away, rhetoric escalating and and many analyses of the deal suggesting it will not get ByteDance entirely out of US citizens’ lives , almost anything could yet happen. ®